Class-based policing and CAR question

Let's say you want to police all traffic from Class A to 64,000 bps and Class B to 64,000 bps, and that you want to police the combined traffic being sent out an interface to 96,000 bps. I tried this with CAR using the following config:

access-list 100 permit <Class A match criteria>
access-list 101 permit <Class B match criteria>

interface Serial0/0
 rate-limit output access-group 100 64000 8000 8000 conform-action continue exceed-action drop
 rate-limit output access-group 101 64000 8000 8000 conform-action continue exceed-action drop
 rate-limit output 96000 12000 12000 conform-action transmit exceed-action drop

and it worked as I wanted it to, but when I tried the following config:

policy-map child
 class ClassA
   police cir 64000 bc 8000
     conform-action transmit 
     exceed-action drop 
 class ClassB
   police cir 64000 bc 8000
     conform-action transmit 
     exceed-action drop 

policy-map parent
 class class-default
   police 96000 bc 12000 conform-action transmit  exceed-action drop 
   service-policy child


interface Serial0/0
 service-policy output parent

I found that the policing on the parent takes place first, so if Class A generates a large amount of traffic, the parent policy ends up policing most of Class B's traffic before it is checked by the child policy and only a little over 64,000 bps total is actually sent out of the interface. Is there any way of achieving the same result that I did with CAR in this example using class-based policing?

Find more posts tagged with

Free for TechExams community: Cybersecurity salary guide

Compare cert salaries and plan your next career move

Button

Comments

networker050184

You best bet would probably be to shape on the parent policy and then police in the child. Although I don't see why the current config would have not allowed you to go over 64000 combined.

BennyLava

networker050184 wrote: »

You best bet would probably be to shape on the parent policy and then police in the child. Although I don't see why the current config would have not allowed you to go over 64000 combined.

It can allow over 64000, but it depends on the situation. If Class A is sending way more traffic than the policing rate, say 900k, and Class B is sending 60k for a total of 960k, about 9/10 of the traffic will be policed by the parent policy without preference for whether it's Class A traffic or Class B traffic. So, on average about 90k of Class A and 6k of Class B are allowed by the parent policy and compared with the child policy. Class A is policed from 90k to 64k by the child policy and Class B is left alone, so only about 70k total of traffic ends up getting sent. I'm not sure if there's a different way of configuring this with class-based policing that would prevent this from happening. I'm just trying to thinkof situations where CAR might be useful instead of class-based policing.